AWS::WAFv2::RuleGroup JsonBody - Amazon CloudFormation

AWS::WAFv2::RuleGroup JsonBody

Inspect the body of the web request as JSON. The body immediately follows the request headers.

This is used to indicate the web request component to inspect, in the FieldToMatch specification.

Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. Amazon WAF inspects only the parts of the JSON that result from the matches that you indicate.

Example JSON: "JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

    {
      "InvalidFallbackBehavior" : String,
      "MatchPattern" : JsonMatchPattern,
      "MatchScope" : String,
      "OversizeHandling" : String
    }

Properties

InvalidFallbackBehavior

What Amazon WAF should do if it fails to completely parse the JSON body. The options are the following:

  • EVALUATE_AS_STRING - Inspect the body as plain text. Amazon WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string.

  • MATCH - Treat the web request as matching the rule statement. Amazon WAF applies the rule action to the request.

  • NO_MATCH - Treat the web request as not matching the rule statement.

If you don't provide this setting, Amazon WAF parses and evaluates the content only up to the first parsing failure that it encounters.

Amazon WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array.

Amazon WAF parses the JSON in the following examples as two valid key, value pairs:

  • Missing comma: {"key1":"value1""key2":"value2"}

  • Missing colon: {"key1":"value1","key2""value2"}

  • Extra colons: {"key1"::"value1","key2""value2"}

Required: No

Type: String

Allowed values: EVALUATE_AS_STRING | MATCH | NO_MATCH

Update requires: No interruption

MatchPattern

The patterns to look for in the JSON body. Amazon WAF inspects the results of these pattern matches against the rule inspection criteria.

Required: Yes

Type: JsonMatchPattern

Update requires: No interruption

MatchScope

The parts of the JSON to match against using the MatchPattern. If you specify ALL, Amazon WAF matches against keys and values.

Required: Yes

Type: String

Allowed values: ALL | KEY | VALUE

Update requires: No interruption

OversizeHandling

What Amazon WAF should do if the body is larger than Amazon WAF can inspect. Amazon WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to Amazon WAF for inspection.

The default limit is 8 KB (8,192 bytes) for regional resources and 16 KB (16,384 bytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL AssociationConfig, for additional processing fees.

The options for oversize handling are the following:

  • CONTINUE - Inspect the body normally, according to the rule inspection criteria.

  • MATCH - Treat the web request as matching the rule statement. Amazon WAF applies the rule action to the request.

  • NO_MATCH - Treat the web request as not matching the rule statement.

You can combine the MATCH or NO_MATCH settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.

Default: CONTINUE

Required: No

Type: String

Allowed values: CONTINUE | MATCH | NO_MATCH

Update requires: No interruption

Examples

Set the JSON body specification

The following shows an example JSON body field to match specification.

YAML

    FieldToMatch:
      JsonBody:
        MatchPattern:
          IncludedPaths:
            - "/dogs/0/name"
            - "/cats/0/name"
        MatchScope: ALL
        InvalidFallbackBehavior: EVALUATE_AS_STRING
        OversizeHandling: MATCH

JSON

    "FieldToMatch": {
      "JsonBody": {
        "MatchPattern": {
          "IncludedPaths": [
            "/dogs/0/name",
            "/cats/0/name"
          ]
        },
        "MatchScope": "ALL",
        "InvalidFallbackBehavior": "EVALUATE_AS_STRING",
        "OversizeHandling": "MATCH"
      }
    }
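Audit a template for JsonBody settings that leave part of a body uninspected

The following is an added example, not part of the original documentation or of any Amazon tooling. It walks a template and reports each JsonBody whose InvalidFallbackBehavior or OversizeHandling lets an unparseable or oversize body pass the rule statement partly or wholly unevaluated. The sample template, the rule names, the finding codes, and the choice of which values to flag are assumptions made for illustration.

```python
# Finding codes are hypothetical labels; the reason text restates the property descriptions.
REASONS = {
    "FALLBACK_UNSET": "content is evaluated only up to the first parsing failure",
    "FALLBACK_NO_MATCH": "a body that fails to parse is treated as not matching",
    "OVERSIZE_CONTINUE": "only the contents below the size limit are inspected",
    "OVERSIZE_NO_MATCH": "a body over the limit is treated as not matching",
}

# Constructed sample: a trimmed AWS::WAFv2::RuleGroup resource (other required
# properties omitted for brevity). Resource and rule names are hypothetical.
TEMPLATE = {"Resources": {"ApiRules": {"Type": "AWS::WAFv2::RuleGroup", "Properties": {"Rules": [
    {"Name": "sqli-defaults", "Action": {"Block": {}}, "Statement": {"SqliMatchStatement": {
        "FieldToMatch": {"JsonBody": {"MatchPattern": {"All": {}}, "MatchScope": "ALL"}}}}},
    {"Name": "sqli-strict", "Action": {"Block": {}}, "Statement": {"SqliMatchStatement": {
        "FieldToMatch": {"JsonBody": {
            "MatchPattern": {"IncludedPaths": ["/dogs/0/name", "/cats/0/name"]},
            "MatchScope": "ALL",
            "InvalidFallbackBehavior": "EVALUATE_AS_STRING",
            "OversizeHandling": "MATCH"}}}}},
]}}}}


def find_json_bodies(node, path="$"):
    """Yield (path, JsonBody) for every JsonBody object, including nested statements."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "JsonBody" and isinstance(value, dict):
                yield child, value
            yield from find_json_bodies(value, child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_json_bodies(item, f"{path}[{index}]")


def audit(template):
    """Return (path, code) for each setting that can skip inspection of body content."""
    findings = []
    for path, body in find_json_bodies(template):
        fallback = body.get("InvalidFallbackBehavior")        # no default when omitted
        oversize = body.get("OversizeHandling", "CONTINUE")   # documented default
        if fallback in (None, "NO_MATCH"):
            findings.append((path, "FALLBACK_UNSET" if fallback is None else "FALLBACK_NO_MATCH"))
        if oversize in ("CONTINUE", "NO_MATCH"):
            findings.append((path, "OVERSIZE_" + oversize))
    return findings


if __name__ == "__main__":
    for path, code in audit(TEMPLATE):
        print(f"{code}: {path}\n    {REASONS[code]}")
```

Whether a flagged value is a problem depends on the rule action: for a rule that blocks on match, NO_MATCH and CONTINUE are the settings that let the uninspected content through, which is why they are the ones reported here.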